Re: Fake Student Applications/Registrations

["Von Welch (Work)" <von () VONWELCH COM>]

Nathan,

 In addition to .edu email addresses, I’ve seen cases of attackers fredulently getting EDU accounts and abusing those 
accounts through federated identity, e.g. InCommon, to abuse remote resources that are open to higher ed users. If your 
organization is an InCommon IdP, I suggest checking with your IdP operator (probably in your IdM group), for signs of 
outgoing abuse.

Best,

Von
--
Von Welch
Director and PI, NSF Cybersecurity Center of Excellence / trustedci.org
Director, Center for Applied Cybersecurity Research / cacr.iu.edu
Executive Director Cybersecurity Innovation / Indiana University
Associate Director, Pervasive Technology Institute / pti.iu.edu
vwelch () iu edu / (812) 856-0363


> On Jul 24, 2020, at 4:08 PM, Wesolowski, Nathan R. <Nathan.Wesolowski () NWTC EDU> wrote:
>
> Hello everyone, this is my first time posting here.
>  
> Since last weekend we have observed an unusually high number of new student applications/registrations containing 
> fake information.  After investigating, I discovered that our College was recently featured on a Chinese blog.  The 
> blog’s “educational welfare” category lists dozens of other colleges and universities, along with step-by-step 
> details for obtaining free accounts/email addresses  - hxxps://404edublog.cf/ <https://404edublog.cf/>.
>  
> It is obvious that these scammers are after a .EDU email address.  With the ongoing COVID situation, we have waved or 
> postponed certain fees in an attempt to reduce any registration barriers.  I believe that this is contributing to our 
> problem.  While we have tools in place to help us identify and remove fake identities, I am curious to know what 
> others have done about this problem.
>  
> Thanks,
> Nate
>  
> Nate Wesolowski
> Information Security Analyst
>  
> Northeast Wisconsin Technical College
> 2740 W. Mason Street
> Green Bay, WI 54307
> O 920.498.6943 | T 800-422-NWTC
> nate.wesolowski () nwtc edu <mailto:nate.wesolowski () nwtc edu> | nwtc.edu <https://www.nwtc.edu/>
>  
> <image001.jpg>
>  
>
>
> CONFIDENTIALITY: This e-mail (including any attachments) may contain confidential, proprietary and privileged 
> information, and unauthorized disclosure or use is prohibited. If you received this e-mail in error, please notify 
> the sender and delete this e-mail from your system.
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
> person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
> and subscription information can be found at https://www.educause.edu/community <https://www.educause.edu/community>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community